Digital signatures

The core of the method

Digital signatures are meant to authenticate documents, their authors and their origin. They make it possible to eliminate garbling in digital documents. Digital signatures are the result of a marriage between hash algorithms and asymmetric cryptography. A user who intends to sign a document needs special cryptography software.

How digital signature works: creation by the sender

Sender's side

1. The Sender of the document generates a pair of asymmetric keys, which are associated only with this user. The private key is always kept secret and the public key is sent to other users.

3. The Sender’s private key is used to encrypt (lock) the hash-code of the document. The result of the private-key encryption is the digital signature.

4. The digital signature is attached to the original document and sent to the Recipient along with the Sender’s public key and all required instructions.

Original document with attached digital signature

Different types of data may be digitally signed. Depending on the software you use, you can sign emails, files, images, certificates, messages and many other types of digital data. Each new document will have its own unique digital signature.

How digital signature works: verification by receiver

Recipient’s side

1. The Recipient of the file gets the file itself, the Sender’s public key and the attached digital signature. The Sender’s public and private keys are linked mathematically, and only a matching pair can work together to lock and unlock data properly.

Received document with the digital signature

2. Presuming that only the Sender could use the Sender’s private key, the Receiver uses the Sender’s public key and decrypts the signature.

Decrypting Sender’s signature

Hash-code generated by Sender: eac2b2fc61f9e2664828ef21a8f56c31

3. Using all the instructions that the Sender sent, the Recipient calculates their own hash-code of the document.

Hash-code generated by Recipient: eac2b2fc61f9e2664828ef21a8f56c31

4. The Recipient compares the hash value received from the Sender with the calculated hash value.

If eac2b2fc61f9e2664828ef21a8f56c31 = eac2b2fc61f9e2664828ef21a8f56c31

5. If the values match, the Receiver accepts the document. The Recipient is now absolutely sure that the received message originates from the right Sender and that the information in the message is really what the Sender wanted to say.

If at least one character was changed or at least one space was removed, the hash value would be absolutely different and verification of the digital signature would fail. Digital signatures confirm that the claimed Sender indeed sent the file the Receiver has got and that the received information is exactly what the Sender sent. Digital signatures ensure that information was not modified or altered when transmitted via an insecure channel.
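The Sender and Recipient steps above, carried through as an added Python example (not code from the original page). It assumes SHA-256 as the hash and uses a constructed demo key built from two publicly known Mersenne primes; it is textbook RSA without padding, which shows the mechanics only, whereas real signing software uses a padded scheme such as RSA-PSS from a vetted library.

```python
import hashlib
import hmac

# Constructed demo key: two Mersenne primes, chosen only so the example needs
# no key generation. Publicly known primes are never acceptable in a real key.
P, Q = 2**521 - 1, 2**607 - 1
N = P * Q                              # public modulus
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, kept secret


def digest(document: bytes) -> bytes:
    """Hash-code of the document (SHA-256 is an assumption of this example)."""
    return hashlib.sha256(document).digest()


def sign(document: bytes, d: int = D, n: int = N) -> int:
    """Sender, step 3: lock the hash-code with the private key."""
    return pow(int.from_bytes(digest(document), "big"), d, n)


def verify(document: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Recipient, steps 2-5: unlock the signature, re-hash, compare."""
    if not 0 <= signature < n:
        return False
    recovered = pow(signature, e, n)   # hash-code the Sender locked
    if recovered.bit_length() > 256:   # cannot be a 32-byte hash: reject
        return False
    # Constant-time comparison of the two hash-codes.
    return hmac.compare_digest(recovered.to_bytes(32, "big"), digest(document))


if __name__ == "__main__":
    doc = b"Pay 100 EUR to Alice"      # constructed sample document
    sig = sign(doc)
    print("original :", verify(doc, sig))
    print("tampered :", verify(b"Pay 900 EUR to Alice", sig))
    print("forged   :", verify(doc, sig ^ 1))
```

Changing a single character of the document, or a single bit of the signature, makes `verify` return False.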

Why use digital signatures?

Integrity control

If a document was accidentally or intentionally modified, its digital signature becomes invalid. The signature is based on the initial state of the file and corresponds only to it.

Forgery and tampering control

When checking integrity, signature verification detects any tampering and thus makes forgery infeasible in most cases. Digital signature verification detects even nibble-size changes.

Author validation

Depending on the document's properties, different fields may be signed, for example "author", "alterations", "time stamp", etc. A private key may be associated with only one user.

Non-repudiation feature

Creating a digital signature is possible only with the private key, which only one person on Earth owns, so that person cannot deny his (or her) digital signature attached to documents.